summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorHerbert Xu <herbert@gondor.apana.org.au>2015-04-02 22:31:22 +0800
committerHerbert Xu <herbert@gondor.apana.org.au>2015-04-03 17:53:32 +0800
commit1f7237109951ebe8dc194461716443a5d8caf308 (patch)
treed66524f7b6ed702c7939975abd53af31141599f3 /crypto
parent13cf394c8c79b5655cdc76f7ae0d9869a1434103 (diff)
downloadlinux-stable-1f7237109951ebe8dc194461716443a5d8caf308.tar.gz
linux-stable-1f7237109951ebe8dc194461716443a5d8caf308.tar.bz2
linux-stable-1f7237109951ebe8dc194461716443a5d8caf308.zip
crypto: api - Fix races in crypto_unregister_instance
There are multiple problems in crypto_unregister_instance: 1) The cra_refcnt BUG_ON check is racy and can cause crashes. 2) The cra_refcnt check shouldn't exist at all. 3) There is no reference on tmpl to protect the tmpl->free call. This patch rewrites the function using crypto_remove_spawn which now morphs into crypto_remove_instance. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/algapi.c23
1 files changed, 7 insertions, 16 deletions
diff --git a/crypto/algapi.c b/crypto/algapi.c
index 83b04e0884b1..0f1976eceb27 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -99,10 +99,9 @@ static struct list_head *crypto_more_spawns(struct crypto_alg *alg,
return &n->list == stack ? top : &n->inst->alg.cra_users;
}
-static void crypto_remove_spawn(struct crypto_spawn *spawn,
- struct list_head *list)
+static void crypto_remove_instance(struct crypto_instance *inst,
+ struct list_head *list)
{
- struct crypto_instance *inst = spawn->inst;
struct crypto_template *tmpl = inst->tmpl;
if (crypto_is_dead(&inst->alg))
@@ -167,7 +166,7 @@ void crypto_remove_spawns(struct crypto_alg *alg, struct list_head *list,
if (spawn->alg)
list_move(&spawn->list, &spawn->alg->cra_users);
else
- crypto_remove_spawn(spawn, list);
+ crypto_remove_instance(spawn->inst, list);
}
}
EXPORT_SYMBOL_GPL(crypto_remove_spawns);
@@ -554,28 +553,20 @@ EXPORT_SYMBOL_GPL(crypto_register_instance);
int crypto_unregister_instance(struct crypto_alg *alg)
{
- int err;
struct crypto_instance *inst = (void *)alg;
- struct crypto_template *tmpl = inst->tmpl;
- LIST_HEAD(users);
+ LIST_HEAD(list);
if (!(alg->cra_flags & CRYPTO_ALG_INSTANCE))
return -EINVAL;
- BUG_ON(atomic_read(&alg->cra_refcnt) != 1);
-
down_write(&crypto_alg_sem);
- hlist_del_init(&inst->list);
- err = crypto_remove_alg(alg, &users);
+ crypto_remove_spawns(alg, &list, NULL);
+ crypto_remove_instance(inst, &list);
up_write(&crypto_alg_sem);
- if (err)
- return err;
-
- tmpl->free(inst);
- crypto_remove_final(&users);
+ crypto_remove_final(&list);
return 0;
}